GPSolo Magazine - April/May 2004
Software Police and Software Thieves:
Know Your Rights and Stay Free
The clash between software companies wanting to protect their intellectual property (IP) revenue streams and software users continues in full force and has begun to pull in a wider cast of characters. The “software police,” the most well-known of which is the Business Software Alliance (BSA), have moved from large enterprise targets to schools and small businesses. This year lawyers who think that they are below the radar may get a rude awakening.
“But wait,” you say. “They aren’t targeting me. Our firm pays good money for software and more for upgrades.” Maybe so, but how methodical are you about matching the number of licenses to the number of PCs? Do you keep accurate inventories of which PCs have which licenses? New computers come into your office, old ones go out—are your records up to date? You may have no intention of using software illegally. But how would you look if the BSA audited your firm?
This article reviews the requirements of software licenses, consequences of violating them, and steps you can take to protect yourself and your firm.
Unlike most other products you buy, software programs don’t allow you to do whatever you want with them. Your use is governed by the license of IP rights that accompanies your purchase. A license can slice and dice the IP rights in a nearly endless number of ways: number of copies allowed, where the software may be installed, whether it may be transferred, who can use it and for what, and more.
In general, if you copy or make use of a software program without a license to copy or use it in that particular way, you infringe the rights of the IP owner. The license in essence allows you to avoid a claim of infringement. The presumption is that you cannot use the program a specific way unless the software license clearly authorizes that use.
As a practical matter, however, the legal nuances are implemented when the IP owners set out the program’s limited set of rights and specify restrictions and prohibitions. We generally look at licenses to see what we can do rather than what we can’t do. That is, of course, if we look at them at all.
When the Heck Did I Agree to That?
Most of us are familiar with software license agreements only as lines of small type that precede the “I accept” button that must be clicked in order for the software installation to begin. The thought may cross your mind, “They’ll never be able to enforce these terms. I didn’t sign anything.” Think again.
The current state of the law is that such “click through” contracts are valid and enforceable, assuming the user can reasonably access the terms of the contract and indicate agreement. However, specific licensing provisions, especially those relating to future arbitration and choice of venue requirements, might be found unconscionable or otherwise not enforceable. This area of law continues to evolve; at this point, it’s unlikely a court would invalidate click-through contracts generally.
Are You a Pirate?
If you, the user, do not have a license, act outside the scope of your license, or use the software in a manner prohibited by the license, you are an infringer or “pirate.” Intent does not matter. Some of the most common violations include the following:
• Having more people use a program than you have licenses for
• Installing a program with a single license on multiple computers
• Making more copies of a program than allowed (licenses typically allow an operating copy and one backup copy)
• Using upgrade software without proof of a legitimate underlying license
• Improperly using academic and OEM (original equipment manufacturer) versions of programs
• Downloading or purchasing and using “free,” highly discounted, or other dubiously created copies unaccompanied by legitimate authentication materials
• “Borrowing” a program from a friend or using office software at home
Note that it is easy to inadvertently violate license provisions. Lack of adequate record keeping often leads to problems. You can easily be a pirate without intending to plunder.
A phone call or e-mail sent by a disgruntled (or law-abiding) employee or former employee can put you under the BSA enforcement microscope. The whistle-blower likely knows what the violations are and where to find them, and BSA conducts a thorough interview and a licensing investigation before you’re aware of a thing. Then you receive a letter asking you to demonstrate that you are in compliance with your licenses.
Let’s assume you were not purposely disregarding the software license terms. In response to the letter, you submit whatever proof of licenses you have, likely revealing one or more shortcomings. As a practical matter, the next step usually is an offer to settle—unfortunately, however, the proposed settlement will not be a slap on the wrist. First you’ll be required either to delete infringing copies or purchase the lacking licenses. Second (and more painful), you’ll be asked to cover infringement damages by paying a significant settlement amount. You may have some room to negotiate this amount down, but don’t expect much. During the past five years, BSA has collected more than $50 million in settlement payments in North America.
Suppose an employee did the pirating and you knew nothing about it. The law on vicarious liability for infringement leaves little doubt: You are liable for the actions of your employees.
It’s important to emphasize that running out and buying the missing licenses as soon as you get the letter does not absolve you of the problem. It simply gets you to where you need to be from that day forward. You still are on the hook for the infringement that occurred before you came into compliance. Audit letters typically state that the software inventory must be accurate as of the date you receive the letter.
What about deleting the unlicensed copies after you get the letter or taking other steps to hide what you did? Seriously . . . is there a question? You learned the answer to this one in law school, if not preschool. Someone turned you in for doing what you were doing—the auditing party already has a good picture of what it was.
It’s worth noting that some lawyers recommend not responding to an audit letter, especially if the response demonstrates liability. The software police, however, have no problem pursuing litigation. In fact, at least one organization’s website has a map of the United States on which a click will show you a list of each state’s infringement actions.
Can You Afford It?
In addition to the cost of buying additional licenses and a significant fine, what else have you got to lose? How about your reputation? Highly publicized, visible enforcement actions help keep everyone in compliance. Imagine the impact on your current and potential clients when your firm’s name appears in the local paper along with the words “software piracy.”
In addition to paying out of your pocket and in the press, you stand to lose a lot of valuable staff time complying with an audit by the BSA. Any audit takes the focus off the client work you and your employees want to be doing, but a piracy situation may trigger alarm or cause morale to suffer. Everyone’s perception of what it’s like to work at your firm may be tarnished.
In the end, you spend and expend much more time and energy than you would have spent tracking the original software purchases. And that’s not even mentioning the additional stress. Serious violations may bring about more serious consequences. Copyright infringement carries both civil and criminal penalties in the United States—an infringer may be liable for damages and for any profits that can be attributed to the unlicensed use.
In case we still don’t have your full attention: You also may be liable for statutory damages up to $150,000 for each work infringed and subject to criminal penalties of fines up to $250,000 and imprisonment for up to five years.
Can You Get Away with It?
Ironically, the idea that you’re saving money by going outside software companies’ licensing programs may well be urban myth. Volume discounts often are available for as few as five copies of a program. Support, upgrades, and other benefits now are standard parts of some licensing programs. Microsoft, for example, has a rebate program for Office 2003, plus a new home-user program that allows employers to give employees copies of certain programs to use at home (which could also double as a new employee benefit). Microsoft’s licensing program also allows you to use earlier versions of programs when you license current versions, which makes throwing away your money on cut-rate, dubious-sourced older versions really foolish. Some Microsoft licensing programs even help you keep track of and manage licenses electronically.
Obtaining software from “bargain” sources on the Internet often gets you more than you dreamed of—new viruses and security holes in your systems, no technical help, inability to get updates and patches, and continued reliance on obsolete software. What a deal—in today’s questionably secure electronic environment, you’re begging to become a hacker haven.
Finally, be aware of the risk you take by endorsing an atmosphere in your firm where bending the rules, ignoring requirements, cooking the books, and committing outright theft are tolerated. Remember the doctrine of vicarious liability for infringement; software piracy could turn out to be the least of your problems.
Taking Charge of Compliance
Picture yourself opening a demand letter from the BSA. What feeling do you get in the pit of your stomach? Think about digging through files and boxes and storerooms for those old software licenses. If these mental pictures are ugly, use them as motivators to take the first step in straightening out your software license mess.
You are not alone. It is hard enough simply to keep on top of licensing for one person using one computer. Receipts, proofs-of-purchase, original boxes, hundreds of manuals, unlabeled disks—the stuff’s like the Hulk. The problem expands even further when you factor in new computers, program upgrades, laptops and PDAs, and the occasional (but usually unfinished) clean-up-the-file-room binge.
But would we paint such a dismal picture without a sunny solution on the horizon? For a small investment of time and money, you can have a network inventory program do part of your work, like scanning all computers and listing all the installed software programs. We like Newt Professional from Komodo Digital, which offers a version for up to ten PCs as a free download (www.komododigital.com). Installing and using the file is not difficult, but you may run into trouble automatically accessing multiple computers if you don’t have peer-to-peer networking. (Even so, you’d just need to install and run the program individually on each PC.) Similar products are available from EMCO Software (www.emco.is) and DEK Software (www.deksoftware.com). For the paranoia-free, BSA also offers free software audit tools and other information (www.bsa.org).
Go Forth and Sin No More
The following information will help you take charge of your licensing position and maximize your level of compliance. Because daily emergencies are likely to intrude on this project, consider bringing in an outside consultant or support person to get the job done. Using this seven-step process will bring you in line with the law, provide numerous collateral benefits, and protect you in the event of a future software audit.
1. Inventory software and hardware. Everything starts with getting a handle on what you have. Some firms couldn’t tell you how many computers they have, let alone all the software programs they use. Include hardware in the inventory because some licenses require that programs be operated only on certain computers or even specific processors. Your final lists should include the following: all installed programs; the computers each program is installed on; users for each program; unused and uninstalled software programs; and a brief description of what each program does, ideally accompanied by the name of the employee who knows most about the program.
2. Locate license agreements, receipts, and other documentation you have for each program. Unfortunately, you can work only with what you have. Scour your office and storage spaces for whatever might be applicable. Using a liberal supply of filing boxes, hanging files, and file folders, organize or reorganize these materials.
3. Match programs and licenses. This task is both tedious and frustrating, but it’s got to be done. Using a spreadsheet (make sure at least the copy you use is licensed!) to enter and track this information helps—data can be formatted in charts and numbers calculated automatically.
4. Read the licenses. Focus on what the license specifically grants; specific restrictions, prohibitions, and permissions; and users’rights to transfer or assign licenses. Note all limitations or restrictions and be particularly alert for rights you may have, such as the right to install on a laptop or home computer. It makes sense to add a summary of the license terms to your inventory spreadsheet for quick reference.
5. Create an action plan. The inventory process has a hidden bonus: identifying unnecessary costs and other inefficiencies. Are you paying annual maintenance fees for programs no one uses? Was that expensive new program ever used? Do you have extra licenses for certain programs? Have you missed opportunities for volume discounts? Focus closely on programs for which you are underlicensed. In some cases you can eliminate the deficiency by restricting the number of users or, in the case of obsolete or rarely used programs, deleting them. At the end of this process, you should have the major issues identified and a clear list of next steps.
6. Do your best. As you might have guessed by now, the odds are quite low that you’ll dot every “i” of software compliance. You will have to make some judgment calls based on your level of comfort with your documentation, changing or restricting the use of programs or even deleting a few. You might decide to purchase additional licenses for others. Your general goal is to reach a point where you can do business comfortably.
7. Implement a system to stay in control. Staying in compliance is one part working with a good system and one part picking the right people for the job. Proficient techs may be poor record keepers. Your bookkeeper might be the right person for this responsibility. The system, however designed, should provide a simple way to stay accurate and up to date on inventory. Consider adding a discussion of acceptable software use to your orientation materials for new and existing employees and a policy to your employee/office procedures manual.
The Parrot Did It: Help for Pirates
The first three websites below, although somewhat biased, have good information on piracy and infringement issues, license programs, and compliance procedures and tools. The final article describes the BSA and BSA audits.
Business Software Alliance: www.bsa.org
What Are the Repercussions of a BSA Audit? www.asia.cnet.com/itmanager/trends/0,39006409,39039672,00.htm
Lisa Radcliffe, Software Licensing: Protecting Your Organization from Lawsuits,The H.E.L.P. Organization, www.uwnyc.org/technews/pf_v2_n4_a3.html